- Description
- Multiple integer overflows in the GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) __glXDisp_ReadPixels, (2) __glXDispSwap_ReadPixels, (3) __glXDisp_GetTexImage, (4) __glXDispSwap_GetTexImage, (5) GetSeparableFilter, (6) GetConvolutionFilter, (7) GetHistogram, (8) GetMinmax, (9) GetColorTable, (10) __glXGetAnswerBuffer, (11) __GLX_GET_ANSWER_BUFFER, (12) __glXMap1dReqSize, (13) __glXMap1fReqSize, (14) Map2Size, (15) __glXMap2dReqSize, (16) __glXMap2fReqSize, (17) __glXImageSize, or (18) __glXSeparableFilter2DReqSize function, which triggers an out-of-bounds read or write.
- Source
- secalert@redhat.com
- NVD status
- Modified
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:x.org:x11:6.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CD8916AC-DE3B-4BE0-9430-3F234A0170A9"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:x.org:xorg-server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "96E32B9C-B3F6-4344-87B6-0BEA5A058244",
"versionEndIncluding": "1.16.2"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:x.org:xfree86:4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "08774719-E2CE-4592-ACE0-C2843DD71D2F"
}
],
"operator": "OR"
}
]
}
]